118 matches found
CVE-2022-25805
An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. The transmission of cleartext LDAP bind credentials by the cmdmgtloadmgttree command allows an attacker who can intercept or inspect traffic between an authenticated UMS client and server to compromise those LDAP bind...
CVE-2022-25805
An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. The transmission of cleartext LDAP bind credentials by the cmdmgtloadmgttree command allows an attacker who can intercept or inspect traffic between an authenticated UMS client and server to compromise those LDAP bind...
IGEL Universal Management Suite 信任管理问题漏洞
The IGEL Universal Management Suite IGEL UMS is a single management solution from IGEL Germany. It can be used for up to tens of thousands of endpoints running IGEL OS. A security vulnerability exists in IGEL Universal Management Suite UMS version 6.07.100, which stems from a hard-coded DES key...
CVE-2021-32591
A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the...
PT-2021-19797 · Fortinet · Fortimail +3
Name of the Vulnerable Software and Affected Versions: FortiSandbox versions prior to 4.0.1 FortiWeb versions prior to 6.3.12 FortiADC versions prior to 6.2.1 FortiMail versions 7.0.1 and earlier Description: A missing cryptographic steps issue in the function that encrypts users' LDAP and RADIUS...
CVE-2021-3825
On 2.1.15 version and below of Lider module in LiderAhenk software is leaking it's configurations via an unsecured API. An attacker with an access to the configurations API could get valid LDAP credentials...
CVE-2021-3825 Missing Authorization Checks in LiderAhenk
On 2.1.15 version and below of Lider module in LiderAhenk software is leaking it's configurations via an unsecured API. An attacker with an access to the configurations API could get valid LDAP credentials...
CVE-2021-3825
CVE-2021-3825 affects the Lider module of LiderAhenk software, specifically versions 2.1.15 and earlier. The root issue is leakage of configurations via an unsecured API, which can expose valid LDAP credentials to anyone with access to the configurations API. This creates a risk of unauthorized a...
Dell EMC NetWorker Multiple Vulnerabilities (DSA-2021-104)
The version of Dell EMC NetWorker installed on the remote Windows host is prior to 19.4.0.2. It is, therefore, affected by multiple vulnerabilities: - Dell EMC NetWorker 18.x, 19.1.x, 19.2.x, 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the...
CVE-2021-21558
Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to make changes to the...
Information disclosure
Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to make changes to the...
CVE-2021-21558
Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to make changes to the...
VulnCheck KEV: CVE-2018-13374
Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing a LDAP server connectivity test request to a rogue LDAP server...
CVE-2020-13175
The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 v15 and earlier for Cloud Access Connector contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials...
CVE-2020-13175
The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 v15 and earlier for Cloud Access Connector contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials...
Remote file inclusion
The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 v15 and earlier for Cloud Access Connector contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials...
CVE-2020-13175
The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 v15 and earlier for Cloud Access Connector contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials...
Liferay Portal <= 7.1.3, 7.2.x <= 7.2.1 Multiple Vulnerabilities
Liferay Portal is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:liferay:liferayportal"; if...
CVE-2020-5890
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administrative interface will not fully obfuscate if they contain whitespace...
CVE-2020-1958
When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. They are still subject to role-based...